From 192be467f1d05e5e148481c5497444ffc97603eb Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Mon, 21 Jan 2013 18:11:27 +0100
Subject: Everyone can check for the absence of the 'pending' status.
---
 ldap/acl.ldif | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
(limited to 'ldap/acl.ldif')
diff --git a/ldap/acl.ldif b/ldap/acl.ldif
index ce2aa4c..4cf7e10 100644
--- a/ldap/acl.ldif
+++ b/ldap/acl.ldif
@@ -116,8 +116,14 @@ olcAccess: to dn.base="ou=virtual,o=mailHosting,dc=fripost,dc=dev"
 olcAccess: to dn.regex="^(fvu|fva|fvl)=(postmaster|abuse),fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$"
 by * =0
 #
-# Only the domain Postmasters and Owners can read and search the unlock token and
-# delete the 'pending' status.
+# Everyone can check for the non-presence of the 'pending' status.
+olcAccess: to dn.regex="^fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$"
+ filter=(&(objectClass=FripostVirtualDomain)(!(fripostPendingToken=*)))
+ attrs=fripostPendingToken
+ by dn.regex="^fvu=[^,]+,fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$" =s
+#
+# Only the domain Postmasters and Owners can search the unlock token and delete the
+# 'pending' status (but not read).
 olcAccess: to dn.regex="^fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$"
 filter=(objectClass=FripostVirtualDomain)
 attrs=fripostPendingToken
@@ -175,7 +181,7 @@ olcAccess: to dn.regex="^fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$"
 by dnattr=fripostPostmaster =wrscd
 by dn.regex="^fvu=[^,]+,fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$" +0
 #
-# Every one can add or delete children, but we will be carefull with the
+# Everyone can add or delete children, but we will be carefull with the
 # kid's "entry" attribute, which require +a and +z to add and delete
 # respectively.
 olcAccess: to dn.regex="^fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$"
-- cgit v1.2.3
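Review bot: The comment on the added clause in the first hunk says "Everyone", but its only `by` line grants `=s` to DNs matching the `fvu=…,fvd=…` regex, so anonymous and any other identity end at the implicit `by * none` of this clause. Because this clause now precedes the Postmasters/Owners one for the same attribute, on domains without `fripostPendingToken` a non-`fvu` identity never reaches the later clause; whether that matters depends on that clause's `by` lines, which are outside the hunk. The grant is also not scoped to the user's own domain, so any virtual user can learn the pending state of any other domain, which looks intended from the commit subject but should be stated in the comment. I would reword the comment to `# Every virtual user (of any domain) can check for the non-presence of the 'pending' status.` and, if other identities must still fall through to later clauses, end the clause with `by * break`.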